﻿using System;
using System.Security;
using System.Security.Principal;
using AzManPermissions;

namespace AzManService
{
  /// <summary>
  /// AzMan remote checking WCF service. Works only when principal policy is set to PrincipalPolicy.WindowsPrincipal
  /// </summary>
  public class AzManService : AzManPermissions.IAzManService
  {
    /// <summary>
    ///
    /// </summary>
    static AzManService()
    {
      AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal);
    }

    /// <summary>
    /// Checks whether the current principal is allowed to perform the operation described in parameters.
    /// </summary>
    /// <param name="name">The name of the <see cref="T:System.Security.Principal.IPrincipal" /> object's user.</param>
    /// <param name="objectName">The string used for AzMan run-time auditing.</param>
    /// <param name="scopeName">The name of a scope as defined in the AzMan store.</param>
    /// <param name="operation">The AzMan operation number to check for.</param>
    /// <returns>True, if the <see cref="T:System.Security.Principal.IPrincipal" /> object's user is allowed to perform the described operation.</returns>
    public bool AccessCheck(string name, string objectName, string scopeName, int operation)
    {
      try
      {
        new AzManOperationPermission(name, operation, scopeName, objectName).Demand();
        return true;
      }
      catch (SecurityException)
      {
        return false;
      }
    }
  }
}